Tag: Centralized computing

As we know the major difference between a Windows Server OS and Windows Desktop OS is that the server OS can take multiple sessions however Desktop OS can only take one session at a time because of the Listeners.

When we connect to a Desktop OS using Citrix, Port ICA is responsible for the connection and Session timeout policies from CItrix Studio will work as expected.

When we connect to a Server OS using Citrix, precedence is given to RDP as the server is acting as a session host and ICA protocol is running on top of RDP protocol and that is the reason we recommend to apply the Session Disconnect Timeout policy from MS GPO for Server OS. However, Session Idle timer policy will still apply from Citrix Studio for Server OS.

Why do we have this in Studio, if it doesn’t work for Server OS?

This policy is in added to Citrix from older Presentation server/XenDesktop versions to control the idle and disconnect time out on Desktop OS as this works for Desktop OS and we haven’t made any changes to the code for the policy.

Related:

Types of StorageZones

Currently, CSPs are not able to provide hybrid storage to their tenant accounts, i.e. cloud and on-premise StorageZones on the same account. Rather, the CSP can provide exclusively on-premise or cloud storage to each of their tenants.

Multi-Tenant StorageZone: This is a single storage repository, managed by the CSP, which can be shared by an unlimited amount of CSP Content Collaboration tenants. This type of StorageZone is classified as an on premise StorageZone it can be linked to the partner’s cloud blob.

Normal or Standard StorageZone: This is a storage repository, managed by the CSP, which is dedicated to one Content Collaboration account. This type of StorageZone is classified as an on premise StorageZone it can be linked to the partner’s cloud blob.

Cloud StorageZone: This is a storage repository managed by Citrix, and not the CSP. This offering for CSPs provides an unlimited of storage to each Content Collaboration tenant.

Getting Started with Reselling Content Collaboration as a CSP

1. Log-in to citrix.cloud.com with partner MyCitrix credentials. Within the main dashboard, select the “Resell” button under the Content Collaboration badge. If the button appears as “Manage” the partner can skip to step #4.

2. Create or Link a Content Collaboration Partner Account: Fill out the necessary fields in order to create a new Content Collaboration partner account or link an existing Content Collaboration partner account. If the partner has an existing Content Collaboration partner account but it doesn’t appear for automatic linking, please contact Citrix Support.

3. Optional – Set up a Multi-Tenant StorageZone: If the CSP decides to provide a Multi-Tenant StorageZone then the CSP needs to ensure the following:

The Multi-Tenant StorageZone needs to be registered and live on the partner’s Content Collaboration account before the CSP creates a Content Collaboration tenant account.

To check that the partner has successfully installed and registered a Multi-Tenant StorageZone to their partner Content Collaboration account, they can check by logging into their partner account from the Content Collaboration web app and navigate to “Admin Settings” >> “StorageZones.” Here, the Multi-Tenant StorageZone should be located under “Partner-Managed” tab.

If their StorageZone is under the “Customer-Managed” tab then they accidentally installed and registered a standard StorageZone (not Multi-Tenant enabled). In order to change their standard StorageZone to a Multi-Tenant StorageZone the partner will have to “Delete this Zone” within the Content Collaboration web app, remove the StorageZone from their designated server, and re-create the StorageZone and run the Multi-Tenant command prompt.

4.Create a Content Collaboration Tenant Account: From the partner’s Citrix Cloud customer dashboard, select “Invite or Add.” If the partner would like to add a new Citrix customer they will be prompted to fill out information about their new tenant’s Citrix Cloud account. If the partner would like to invite an existing Citrix Cloud customer to their customer dashboard, they can send them a link. Once that customer receives that link and accepts the terms and conditions of becoming a tenant of the CSP. The partner can then add services to their tenants through the customer dashboard by selecting the three dots by the tenant’s company name, then selecting “Add Service” >> “Content Collaboration.”

The partner will select the primary StorageZone that the Content Collaboration tenant will consume. If they select a Multi-Tenant StorageZone, they are required to specify the existing StorageZone (live, and registered on their Content Collaboration partner account).

Master Admin user information must be specified, and will be added to the tenant’s account, along with a partner admin user.

All tenant accounts receive 1,000 available licenses. The CSP payment model is based on the total number of used licenses, and not on total number of all licenses.

Managing CSP Content Collaboration Tenants

How to Update Tenant Accounts:

A partner admin user is always provisioned on the CSP’s Content Collaboration tenant account. This allows the partner to manage the customer’s account, such as configure account settings, manage employee users, run reports, etc. This partner admin is added to the Super User group within their tenant’s account, giving this user complete access to all files and folders. If the partner does not want access to the customer’s Content Collaboration data, they will need to remove the partner admin user from the Super User group. Once the partner admin is removed from the Super User group then that user will only receive access to files that are specifically shared by other employee users.

Change their Content Collaboration subdomain: Any admin user on the Content Collaboration account is able to change the subdomain under “Admin Settings” >> “Company Account Info”

Add more licenses: Prior to creating tenant accounts within the partner’s Citrix Cloud account, CSPs had to request an account through an online form. This form allowed partners to specify the amount of licenses on the account. If this is how the CSP created the tenant account and the partner is looking to add licenses to that account, they can submit that type request here. This request will automatically increase the total license count to 1,000 for that tenant account.

Convert a trial or POC account to an in-production account: Request here.

Tenant Management:

If the CSP has managed Content Collaboration tenants prior to establishing their Citrix Cloud partner account, then their existing tenants will not appear on their Citrix Cloud customer dashboard. Instead, these tenants will only appear on the partner’s Content Collaboration account under “Admin Settings” >> “Advanced Preferences” >> “Tenant Management.” If “Tenant Management” is not an option, then this particular partner user will need to enable the “Manage Tenants” user permission. There is currently not a way to import or show these existing tenants in the CSP’s Citrix Cloud customer dashboard.If the CSP creates a tenant from within Citrix Cloud, then that tenant will appear in their Citrix Cloud tenant dashboard.

If the CSP has created some tenants via the online form and some via Citrix Cloud, then the partner can easily see all tenants from within the partner’s Content Collaboration account (first bullet).

For Multi-Tenant StorageZones:

Each tenant onboarded to a partner’s Multi-Tenant StorageZone receives their own root-level folder within the StorageZone. The name of the root-level folder is the tenant’s unique Content Collaboration account ID (starts with an “a”).

This folder structure, with each tenant having their own root-level folder, ensures that tenant data within their Content Collaboration account is separated from other tenants sharing the Multi-Tenant StorageZone. Tenant end-users will only have access files and folders created and uploaded within their own Content Collaboration account.

For CSP reporting (i.e. payment model):

CSPs are required to report on the amount of used licenses by their Content Collaboration tenants to their preferred Citrix distributor. For directions on capturing the accurate number of licenses for monthly reporting:

If the partner created a Content Collaboration tenant within Citrix Cloud: Log-in to the CSP Citrix Cloud account and navigate to the customer dashboard.

If the CSP has Content Collaboration created tenants from a third-party online form, rather than Citrix Cloud: Log-in to the CSP Content Collaboration partner account and navigate to “Admin Settings” >> “Advanced Preferences” >> “Tenant Management”

Within either of these dashboards, sort the Content Collaboration tenant accounts by “Paid” status.

From list of “paid” Content Collaboration tenants, further separate them by storage type and see if they are defaulted to a Citrix-managed cloud StorageZone or a partner-managed on-premise StorageZone.

Then, the partner must total up the amount of used licenses from all the “paid” cloud tenants and the “paid” on-premise tenants. The reason for separating the used license count by storage type is because they have different reporting SKUs (and subsequent partner price).

Please consult with your preferred Citrix Distributor for reporting SKUs and their pricing, which will be based on the Content Collaboration tenant’s storage type.

Related:

I’ve had this issue for quite some time and surprised no one else has noticed this bug.

After about a day of running SEP, when I look in Regedit under HKEY_USERS I’ll see everyone’s hive who has previously logged into the Windows Server 2016/XenApp 1808 VM’s. If these users attempted to return to the affected VM, they would be denied logging in until their hive was dismounted. The bug is able to suvive a reboot.

This issue seems to manifest when the Symantec registry key LaunchSMCGui is set to zero.

I used to temporarily mitigate the problem by running SMC -Stop and SMC -Start but this no longer works in 14.2 MP1. SEP 14.2 would cause my XenApp VM’s to BSOD a lot.

Please run the following command to do a Delivery Controller’s health check from an elevated powershell window:

To load the Citrix modules run asnp citrix*

1. Run Get-BrokerController to list the information about all the Delivery Controllers in the site.

Note down the SID of the controller and match it with the SID value in the chb_configcontrollers XenApp/XenDesktop Site database table (Browse to the database for your XenDesktop environment, expand tables and then check for the table by the chb.config controller)

Also ensure that the status of all the Delivery Controllers is “Active”

2. To check the service status of all the Citrix Services , run the following command:

Get-command get-*servicestatus

Copy all the values in ‘Name’ and paste it in the next command line

OUTPUT: Service status should come up as ‘OK

3. To measure the number of instances getting registered from the controller with the database:

Get-ConfigRegisteredServiceInstance | measure

OUTPUT: Will give the consolidated number. (With every version we have few new services and instances which get added, i.e, with 7.6 we have 49 instances. If you have 2 controllers in the environment then the value will come up to be 49*2=98)

4. For environment where we have separate databases for Logging and Monitor service, the following command can be run to check the status:

(In case you have a single database for Ste, Monitoring and Logging the String value will be same. For environment with different databases, the string value will be different for Logging and Monitor datastore)

Get-LogDatastore

Get-MonitorDatastore

5. To check the connection string which connects the Delivery Controller uses to communicate to the site database, run the following command:

In order to broker connections to Virtual Machines, the Delivery Controller (on-prem)/ Connector (Cloud) relies upon an installed software component on each virtual machine – the Virtual Desktop Agent (VDA) – being in communication with one of the controllers/connectors in your site. This state is referred to as the VDA being registered.

XenApp/XenDesktop: Application launch gets stuck at “Connection Established. Negotiating Capabilities” for a few minute and then closes out.

In Citrix Studio the session is found in Prelogon State.

Csrss.exe and winlogon.exe get created for that session till the time it is stuck at “Connection Established. Negotiating Capabilities” and then once the windows disappears, winlogon.exe and csrss.exe for that session also close out.

The process at the moment is as follows: an end-user has already entered his/her PIN code while receiving Kerberos ticket from AD, yet PIN is asked again for each repeated authentication against AD. It seems that there should be a way to configure SSO on Receiver for Linux simiraly as it works on Windows clients.

Can Linux receiver provide the ability to read these Kerberos tickets from a local Linux Kerberos credential cache, providing logon to XD/XA and re-using them for AD-related authentication (SSO)?

Answer

As of now as per the Citrix Receiver Feature matrix, Pass through Authentication is not enabled for Receiver for Linux.

XenApp/XenDesktop 7.15.2000: Citrix Studio Times Out While Enumerating Application Groups in Large Environments where lot of Application Groups are Published and Tagging is also enabled.

When you click on “Applications” tab in Citrix Studio it gets hung with a spinning circle for a few minutes and then throws the error “Database Could Not be Contacted”. When you click on Error details you see “Get-BrokerApplicationGroup” gives the error “Problem Occurred contacting the database”

The issue does not occur with any other tab in Citrix Studio except while clicking on “Applications Tab”.

CDF TRACE

In CDF Traces collected from Delivery Controllers we see ‘Execution Timeout Expired.

44614,1,2018/07/02 13:10:07:60659,3124,5752,0,BrokerController,_#dotNet#_,0,,1,CDF_NET_INFO,”BrokerController:2:1:EventLogManager decided to log event CdsEventDatabaseConnectivityLost of type Warning with arguments: ‘Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.’ ‘System.Data.SqlClient.SqlException’.This is based on event log groups BrokerStartup.DatabaseConnectivity”,””

44627,1,2018/07/02 13:10:07:64208,3124,5752,0,BrokerFiltering,_#dotNet#_,0,,1,CDF_NET_ERROR,”BrokerFiltering:1:1:BrokerSDKLogic.GetChbCommon: Unexpected exception Citrix.Fma.Sdk.Dal.DALConnectionFailedException: Cannot connect to database server —> System.Data.SqlClient.SqlException: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. —> System.ComponentModel.Win32Exception: The wait operation timed out

After Creating the below Registry key Citrix Studio does give results after 6-7 minutes but for those 6-7 minutes it becomes unusable. It means waiting over 6 minutes for the Citrix Studio GUI to display information of each page like just moving between different Application Group folders.

Related:

Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system, and also to discover the full local file system paths of shared files to which the ShareFile user has access.

These issues affect all currently supported versions of Citrix ShareFile StorageZones Controller before version 5.4.2.